Merge

make/sun/net/FILES_java.gmk

 #
-# Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,7 @@ FILES_java = \
 	sun/net/ProgressListener.java \
 	sun/net/ProgressMeteringPolicy.java \
 	sun/net/SocksProxy.java \
+	sun/net/ResourceManager.java \
 	sun/net/TelnetInputStream.java \
 	sun/net/TelnetOutputStream.java \
 	sun/net/TelnetProtocolException.java \
@@ -100,6 +101,7 @@ FILES_java = \
 	sun/net/www/protocol/http/NegotiateAuthentication.java \
 	sun/net/www/protocol/http/Negotiator.java \
 	sun/net/www/protocol/http/ntlm/NTLMAuthentication.java \
+	sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java \
 	sun/net/www/protocol/http/spnego/NegotiatorImpl.java \
 	sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java \
 	sun/net/www/protocol/http/logging/HttpLogFormatter.java \

src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java

@@ -210,6 +210,8 @@ public final class Transform extends SignatureElementProxy {
     public static void init() {
         if (!alreadyInitialized) {
             transformClassHash = new HashMap(10);
+            // make sure builtin algorithms are all registered first
+            com.sun.org.apache.xml.internal.security.Init.init();
             alreadyInitialized = true;
         }
     }
@@ -236,12 +238,7 @@ public final class Transform extends SignatureElementProxy {
                "algorithm.alreadyRegistered", exArgs);
         }
 
-        ClassLoader cl = (ClassLoader) AccessController.doPrivileged(
-            new PrivilegedAction() {
-                public Object run() {
-                    return Thread.currentThread().getContextClassLoader();
-                }
-            });
+        ClassLoader cl = Thread.currentThread().getContextClassLoader();
 
         try {
             transformClassHash.put

src/share/classes/java/awt/AWTEvent.java

@@ -33,6 +33,11 @@ import java.lang.reflect.Field;
 import sun.awt.AWTAccessor;
 import sun.util.logging.PlatformLogger;
 
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.io.ObjectInputStream;
+import java.io.IOException;
+
 /**
  * The root event class for all AWT events.
  * This class and its subclasses supercede the original
@@ -97,6 +102,22 @@ public abstract class AWTEvent extends EventObject {
      */
     protected boolean consumed = false;
 
+   /*
+    * The event's AccessControlContext.
+    */
+    private transient volatile AccessControlContext acc =
+        AccessController.getContext();
+
+   /*
+    * Returns the acc this event was constructed with.
+    */
+    final AccessControlContext getAccessControlContext() {
+        if (acc == null) {
+            throw new SecurityException("AWTEvent is missing AccessControlContext");
+        }
+        return acc;
+    }
+
     transient boolean focusManagerIsDispatching = false;
     transient boolean isPosted;
 
@@ -247,6 +268,10 @@ public abstract class AWTEvent extends EventObject {
                 public boolean isSystemGenerated(AWTEvent ev) {
                     return ev.isSystemGenerated;
                 }
+
+                public AccessControlContext getAccessControlContext(AWTEvent ev) {
+                    return ev.getAccessControlContext();
+                }
             });
     }
 

src/share/classes/java/awt/Component.java

@@ -59,6 +59,7 @@ import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.security.AccessControlContext;
 import javax.accessibility.*;
 import java.applet.Applet;
 
@@ -471,6 +472,12 @@ public abstract class Component implements ImageObserver, MenuContainer,
     static final Object LOCK = new AWTTreeLock();
     static class AWTTreeLock {}
 
+    /*
+     * The component's AccessControlContext.
+     */
+    private transient volatile AccessControlContext acc =
+        AccessController.getContext();
+
     /**
      * Minimum size.
      * (This field perhaps should have been transient).
@@ -671,6 +678,16 @@ public abstract class Component implements ImageObserver, MenuContainer,
         return objectLock;
     }
 
+    /*
+     * Returns the acc this component was constructed with.
+     */
+    final AccessControlContext getAccessControlContext() {
+        if (acc == null) {
+            throw new SecurityException("Component is missing AccessControlContext");
+        }
+        return acc;
+    }
+
     boolean isPacked = false;
 
     /**
@@ -950,6 +967,10 @@ public abstract class Component implements ImageObserver, MenuContainer,
             public void processEvent(Component comp, AWTEvent e) {
                 comp.processEvent(e);
             }
+
+            public AccessControlContext getAccessControlContext(Component comp) {
+                return comp.getAccessControlContext();
+            }
         });
     }
 
@@ -8613,6 +8634,8 @@ public abstract class Component implements ImageObserver, MenuContainer,
     {
         objectLock = new Object();
 
+        acc = AccessController.getContext();
+
         s.defaultReadObject();
 
         appContext = AppContext.getAppContext();

src/share/classes/java/awt/EventQueue.java

@@ -48,6 +48,12 @@ import sun.awt.AWTAccessor;
 import java.util.concurrent.locks.Condition;
 import java.util.concurrent.locks.Lock;
 
+import java.security.AccessControlContext;
+import java.security.ProtectionDomain;
+
+import sun.misc.SharedSecrets;
+import sun.misc.JavaSecurityAccess;
+
 /**
  * <code>EventQueue</code> is a platform-independent class
  * that queues events, both from the underlying peer classes
@@ -612,6 +618,9 @@ public class EventQueue {
         return null;
     }
 
+    private static final JavaSecurityAccess javaSecurityAccess =
+        SharedSecrets.getJavaSecurityAccess();
+
     /**
      * Dispatches an event. The manner in which the event is
      * dispatched depends upon the type of the event and the
@@ -650,13 +659,49 @@ public class EventQueue {
      * @throws NullPointerException if <code>event</code> is <code>null</code>
      * @since           1.2
      */
-    protected void dispatchEvent(AWTEvent event) {
+    protected void dispatchEvent(final AWTEvent event) {
+        final Object src = event.getSource();
+        final PrivilegedAction<Void> action = new PrivilegedAction<Void>() {
+            public Void run() {
+                dispatchEventImpl(event, src);
+                return null;
+            }
+        };
+
+        final AccessControlContext stack = AccessController.getContext();
+        final AccessControlContext srcAcc = getAccessControlContextFrom(src);
+        final AccessControlContext eventAcc = event.getAccessControlContext();
+        if (srcAcc == null) {
+            javaSecurityAccess.doIntersectionPrivilege(action, stack, eventAcc);
+        } else {
+            javaSecurityAccess.doIntersectionPrivilege(
+                new PrivilegedAction<Void>() {
+                    public Void run() {
+                        javaSecurityAccess.doIntersectionPrivilege(action, eventAcc);
+                        return null;
+                    }
+                }, stack, srcAcc);
+        }
+    }
+
+    private static AccessControlContext getAccessControlContextFrom(Object src) {
+        return src instanceof Component ?
+            ((Component)src).getAccessControlContext() :
+            src instanceof MenuComponent ?
+                ((MenuComponent)src).getAccessControlContext() :
+                src instanceof TrayIcon ?
+                    ((TrayIcon)src).getAccessControlContext() :
+                    null;
+    }
+
+    /**
+     * Called from dispatchEvent() under a correct AccessControlContext
+     */
+    private void dispatchEventImpl(final AWTEvent event, final Object src) {
         event.isPosted = true;
-        Object src = event.getSource();
         if (event instanceof ActiveEvent) {
             // This could become the sole method of dispatching in time.
             setCurrentEventAndMostRecentTimeImpl(event);
-
             ((ActiveEvent)event).dispatch();
         } else if (src instanceof Component) {
             ((Component)src).dispatchEvent(event);

src/share/classes/java/awt/MenuComponent.java

@@ -33,6 +33,9 @@ import sun.awt.SunToolkit;
 import sun.awt.AWTAccessor;
 import javax.accessibility.*;
 
+import java.security.AccessControlContext;
+import java.security.AccessController;
+
 /**
  * The abstract class <code>MenuComponent</code> is the superclass
  * of all menu-related components. In this respect, the class
@@ -99,6 +102,23 @@ public abstract class MenuComponent implements java.io.Serializable {
      */
     boolean newEventsOnly = false;
 
+    /*
+     * The menu's AccessControlContext.
+     */
+    private transient volatile AccessControlContext acc =
+            AccessController.getContext();
+
+    /*
+     * Returns the acc this menu component was constructed with.
+     */
+    final AccessControlContext getAccessControlContext() {
+        if (acc == null) {
+            throw new SecurityException(
+                    "MenuComponent is missing AccessControlContext");
+        }
+        return acc;
+    }
+
     /*
      * Internal constants for serialization.
      */
@@ -402,6 +422,9 @@ public abstract class MenuComponent implements java.io.Serializable {
         throws ClassNotFoundException, IOException, HeadlessException
     {
         GraphicsEnvironment.checkHeadless();
+
+        acc = AccessController.getContext();
+
         s.defaultReadObject();
 
         appContext = AppContext.getAppContext();

src/share/classes/java/awt/TrayIcon.java

@@ -40,6 +40,8 @@ import sun.awt.AppContext;
 import sun.awt.SunToolkit;
 import sun.awt.HeadlessToolkit;
 import java.util.EventObject;
+import java.security.AccessControlContext;
+import java.security.AccessController;
 
 /**
  * A <code>TrayIcon</code> object represents a tray icon that can be
@@ -90,6 +92,7 @@ import java.util.EventObject;
  * @author Anton Tarasov
  */
 public class TrayIcon {
+
     private Image image;
     private String tooltip;
     private PopupMenu popup;
@@ -103,6 +106,24 @@ public class TrayIcon {
     transient MouseMotionListener mouseMotionListener;
     transient ActionListener actionListener;
 
+    /*
+     * The tray icon's AccessControlContext.
+     *
+     * Unlike the acc in Component, this field is made final
+     * because TrayIcon is not serializable.
+     */
+    private final AccessControlContext acc = AccessController.getContext();
+
+    /*
+     * Returns the acc this tray icon was constructed with.
+     */
+    final AccessControlContext getAccessControlContext() {
+        if (acc == null) {
+            throw new SecurityException("TrayIcon is missing AccessControlContext");
+        }
+        return acc;
+    }
+
     static {
         Toolkit.loadLibraries();
         if (!GraphicsEnvironment.isHeadless()) {

src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java

@@ -28,6 +28,7 @@ import java.io.FileDescriptor;
 import java.io.IOException;
 import java.io.InterruptedIOException;
 import java.util.Enumeration;
+import sun.net.ResourceManager;
 
 /**
  * Abstract datagram and multicast socket implementation base class.
@@ -66,7 +67,14 @@ abstract class AbstractPlainDatagramSocketImpl extends DatagramSocketImpl
      */
     protected synchronized void create() throws SocketException {
         fd = new FileDescriptor();
-        datagramSocketCreate();
+        ResourceManager.beforeUdpCreate();
+        try {
+            datagramSocketCreate();
+        } catch (SocketException ioe) {
+            ResourceManager.afterUdpClose();
+            fd = null;
+            throw ioe;
+        }
     }
 
     /**
@@ -211,6 +219,7 @@ abstract class AbstractPlainDatagramSocketImpl extends DatagramSocketImpl
     protected void close() {
         if (fd != null) {
             datagramSocketClose();
+            ResourceManager.afterUdpClose();
             fd = null;
         }
     }

src/share/classes/java/net/AbstractPlainSocketImpl.java

@@ -32,6 +32,7 @@ import java.io.FileDescriptor;
 
 import sun.net.ConnectionResetException;
 import sun.net.NetHooks;
+import sun.net.ResourceManager;
 
 /**
  * Default Socket Implementation. This implementation does
@@ -68,6 +69,10 @@ abstract class AbstractPlainSocketImpl extends SocketImpl
     private int resetState;
     private final Object resetLock = new Object();
 
+   /* whether this Socket is a stream (TCP) socket or not (UDP)
+    */
+    private boolean stream;
+
     /**
      * Load net library into runtime.
      */
@@ -82,7 +87,19 @@ abstract class AbstractPlainSocketImpl extends SocketImpl
      */
     protected synchronized void create(boolean stream) throws IOException {
         fd = new FileDescriptor();
-        socketCreate(stream);
+        this.stream = stream;
+        if (!stream) {
+            ResourceManager.beforeUdpCreate();
+            try {
+                socketCreate(false);
+            } catch (IOException ioe) {
+                ResourceManager.afterUdpClose();
+                fd = null;
+                throw ioe;
+            }
+        } else {
+            socketCreate(true);
+        }
         if (socket != null)
             socket.setCreated();
         if (serverSocket != null)
@@ -479,6 +496,9 @@ abstract class AbstractPlainSocketImpl extends SocketImpl
     protected void close() throws IOException {
         synchronized(fdLock) {
             if (fd != null) {
+                if (!stream) {
+                    ResourceManager.afterUdpClose();
+                }
                 if (fdUseCount == 0) {
                     if (closePending) {
                         return;

src/share/classes/java/security/AccessControlContext.java

@@ -29,6 +29,9 @@ import java.util.ArrayList;
 import java.util.List;
 import sun.security.util.Debug;
 import sun.security.util.SecurityConstants;
+import sun.misc.JavaSecurityAccess;
+import sun.misc.SharedSecrets;
+
 
 /**
  * An AccessControlContext is used to make system resource access decisions
@@ -196,6 +199,24 @@ public final class AccessControlContext {
         this.isPrivileged = isPrivileged;
     }
 
+    /**
+     * Constructor for JavaSecurityAccess.doIntersectionPrivilege()
+     */
+    AccessControlContext(ProtectionDomain[] context,
+                         AccessControlContext privilegedContext)
+    {
+        this.context = context;
+        this.privilegedContext = privilegedContext;
+        this.isPrivileged = true;
+    }
+
+    /**
+     * Returns this context's context.
+     */
+    ProtectionDomain[] getContext() {
+        return context;
+    }
+
     /**
      * Returns true if this context is privileged.
      */

src/share/classes/java/security/ProtectionDomain.java

@@ -36,6 +36,8 @@ import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
 import sun.misc.SharedSecrets;
 import sun.security.util.Debug;
 import sun.security.util.SecurityConstants;
+import sun.misc.JavaSecurityAccess;
+import sun.misc.SharedSecrets;
 
 /**
  *
@@ -59,6 +61,36 @@ import sun.security.util.SecurityConstants;
 
 public class ProtectionDomain {
 
+    static {
+        // Set up JavaSecurityAccess in SharedSecrets
+        SharedSecrets.setJavaSecurityAccess(
+            new JavaSecurityAccess() {
+                public <T> T doIntersectionPrivilege(
+                    PrivilegedAction<T> action,
+                    final AccessControlContext stack,
+                    final AccessControlContext context)
+                {
+                    if (action == null) {
+                        throw new NullPointerException();
+                    }
+                    return AccessController.doPrivileged(
+                        action,
+                        new AccessControlContext(
+                            stack.getContext(), context).optimize()
+                    );
+                }
+
+                public <T> T doIntersectionPrivilege(
+                    PrivilegedAction<T> action,
+                    AccessControlContext context)
+                {
+                    return doIntersectionPrivilege(action,
+                        AccessController.getContext(), context);
+                }
+            }
+       );
+    }
+
     /* CodeSource */
     private CodeSource codesource ;
 

src/share/classes/javax/swing/Timer.java

@@ -35,6 +35,10 @@ import java.util.concurrent.locks.*;
 import java.awt.*;
 import java.awt.event.*;
 import java.io.Serializable;
+import java.io.*;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import javax.swing.event.EventListenerList;
 
 
@@ -208,6 +212,22 @@ public class Timer implements Serializable
         }
     }
 
+    /*
+     * The timer's AccessControlContext.
+     */
+     private transient volatile AccessControlContext acc =
+            AccessController.getContext();
+
+    /**
+      * Returns the acc this timer was constructed with.
+      */
+     final AccessControlContext getAccessControlContext() {
+       if (acc == null) {
+           throw new SecurityException(
+                   "Timer is missing AccessControlContext");
+       }
+       return acc;
+     }
 
     /**
      * DoPostEvent is a runnable class that fires actionEvents to
@@ -587,8 +607,13 @@ public class Timer implements Serializable
 
 
     void post() {
-        if (notify.compareAndSet(false, true) || !coalesce) {
-            SwingUtilities.invokeLater(doPostEvent);
+         if (notify.compareAndSet(false, true) || !coalesce) {
+             AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                 public Void run() {
+                     SwingUtilities.invokeLater(doPostEvent);
+                     return null;
+                }
+            }, getAccessControlContext());
         }
     }
 
@@ -596,6 +621,13 @@ public class Timer implements Serializable
         return lock;
     }
 
+    private void readObject(ObjectInputStream in)
+        throws ClassNotFoundException, IOException
+    {
+        this.acc = AccessController.getContext();
+        in.defaultReadObject();
+    }
+
     /*
      * We have to use readResolve because we can not initialize final
      * fields for deserialized object otherwise

src/share/classes/javax/swing/TransferHandler.java

@@ -42,6 +42,16 @@ import sun.awt.AppContext;
 import sun.swing.*;
 import sun.awt.SunToolkit;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+import java.security.AccessControlContext;
+import java.security.ProtectionDomain;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaSecurityAccess;
+
+import sun.awt.AWTAccessor;
+
 /**
  * This class is used to handle the transfer of a <code>Transferable</code>
  * to and from Swing components.  The <code>Transferable</code> is used to
@@ -1686,7 +1696,37 @@ public class TransferHandler implements Serializable {
             return true;
         }
 
-        public void actionPerformed(ActionEvent e) {
+        private static final JavaSecurityAccess javaSecurityAccess =
+            SharedSecrets.getJavaSecurityAccess();
+
+        public void actionPerformed(final ActionEvent e) {
+            final Object src = e.getSource();
+
+            final PrivilegedAction<Void> action = new PrivilegedAction<Void>() {
+                public Void run() {
+                    actionPerformedImpl(e);
+                    return null;
+                }
+            };
+
+            final AccessControlContext stack = AccessController.getContext();
+            final AccessControlContext srcAcc = AWTAccessor.getComponentAccessor().getAccessControlContext((Component)src);
+            final AccessControlContext eventAcc = AWTAccessor.getAWTEventAccessor().getAccessControlContext(e);
+
+                if (srcAcc == null) {
+                    javaSecurityAccess.doIntersectionPrivilege(action, stack, eventAcc);
+                } else {
+                    javaSecurityAccess.doIntersectionPrivilege(
+                        new PrivilegedAction<Void>() {
+                            public Void run() {
+                                javaSecurityAccess.doIntersectionPrivilege(action, eventAcc);
+                                return null;
+                             }
+                    }, stack, srcAcc);
+                }
+        }
+
+        private void actionPerformedImpl(ActionEvent e) {
             Object src = e.getSource();
             if (src instanceof JComponent) {
                 JComponent c = (JComponent) src;

src/share/classes/sun/awt/AWTAccessor.java

@@ -33,6 +33,9 @@ import java.awt.image.BufferedImage;
 import sun.misc.Unsafe;
 import java.awt.peer.ComponentPeer;
 
+import java.security.AccessController;
+import java.security.AccessControlContext;
+
 /**
  * The AWTAccessor utility class.
  * The main purpose of this class is to enable accessing
@@ -221,6 +224,13 @@ public final class AWTAccessor {
          * Processes events occurring on this component.
          */
         void processEvent(Component comp, AWTEvent e);
+
+
+        /*
+         * Returns the acc this component was constructed with.
+         */
+        AccessControlContext getAccessControlContext(Component comp);
+
     }
 
     /*
@@ -323,6 +333,13 @@ public final class AWTAccessor {
          * Indicates whether this AWTEvent was generated by the system.
          */
         boolean isSystemGenerated(AWTEvent ev);
+
+
+        /*
+         * Returns the acc this event was constructed with.
+         */
+        AccessControlContext getAccessControlContext(AWTEvent ev);
+
     }
 
     public interface InputEventAccessor {

src/share/classes/sun/font/FileFont.java

@@ -32,22 +32,13 @@ import java.awt.geom.Point2D;
 import java.awt.geom.Rectangle2D;
 import java.io.File;
 import java.nio.ByteBuffer;
-import java.nio.channels.FileChannel;
 import sun.java2d.Disposer;
 import sun.java2d.DisposerRecord;
 
-import java.lang.ref.WeakReference;
-import java.io.FileNotFoundException;
 import java.io.IOException;
-import java.io.RandomAccessFile;
-import java.io.UnsupportedEncodingException;
-import java.nio.ByteOrder;
-import java.nio.MappedByteBuffer;
-import java.nio.BufferUnderflowException;
-import java.nio.channels.ClosedChannelException;
-import java.util.HashSet;
-import java.util.HashMap;
-import java.awt.Font;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 
 public abstract class FileFont extends PhysicalFont {
 
@@ -286,4 +277,49 @@ public abstract class FileFont extends PhysicalFont {
             });
         }
     }
+
+    protected String getPublicFileName() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null) {
+            return platName;
+        }
+        boolean canReadProperty = true;
+
+        try {
+            sm.checkPropertyAccess("java.io.tmpdir");
+        } catch (SecurityException e) {
+            canReadProperty = false;
+        }
+
+        if (canReadProperty) {
+            return platName;
+        }
+
+        final File f = new File(platName);
+
+        Boolean isTmpFile = Boolean.FALSE;
+        try {
+            isTmpFile = AccessController.doPrivileged(
+                new PrivilegedExceptionAction<Boolean>() {
+                    public Boolean run() {
+                        File tmp = new File(System.getProperty("java.io.tmpdir"));
+                        try {
+                            String tpath = tmp.getCanonicalPath();
+                            String fpath = f.getCanonicalPath();
+
+                            return (fpath == null) || fpath.startsWith(tpath);
+                        } catch (IOException e) {
+                            return Boolean.TRUE;
+                        }
+                    }
+                }
+            );
+        } catch (PrivilegedActionException e) {
+            // unable to verify whether value of java.io.tempdir will be
+            // exposed, so return only a name of the font file.
+            isTmpFile = Boolean.TRUE;
+        }
+
+        return  isTmpFile ? "temp file" : platName;
+    }
 }

src/share/classes/sun/font/TrueTypeFont.java

@@ -519,7 +519,8 @@ public class TrueTypeFont extends FileFont {
                 break;
 
             default:
-                throw new FontFormatException("Unsupported sfnt " + platName);
+                throw new FontFormatException("Unsupported sfnt " +
+                                              getPublicFileName());
             }
 
             /* Now have the offset of this TT font (possibly within a TTC)
@@ -1680,7 +1681,6 @@ public class TrueTypeFont extends FileFont {
     @Override
     public String toString() {
         return "** TrueType Font: Family="+familyName+ " Name="+fullName+
-            " style="+style+" fileName="+platName;
+            " style="+style+" fileName="+getPublicFileName();
     }
-
 }

src/share/classes/sun/font/Type1Font.java

@@ -677,6 +677,6 @@ public class Type1Font extends FileFont {
 
     public String toString() {
         return "** Type1 Font: Family="+familyName+ " Name="+fullName+
-            " style="+style+" fileName="+platName;
+            " style="+style+" fileName="+getPublicFileName();
     }
 }

src/share/classes/sun/misc/JavaSecurityAccess.java

+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.misc;
+
+import java.security.AccessControlContext;
+import java.security.PrivilegedAction;
+
+public interface JavaSecurityAccess {
+
+    <T> T doIntersectionPrivilege(PrivilegedAction<T> action,
+                                  AccessControlContext stack,
+                                  AccessControlContext context);
+
+    <T> T doIntersectionPrivilege(PrivilegedAction<T> action,
+                                  AccessControlContext context);
+
+}

src/share/classes/sun/misc/SharedSecrets.java

@@ -30,6 +30,8 @@ import java.io.Console;
 import java.io.FileDescriptor;
 import java.security.ProtectionDomain;
 
+import java.security.AccessController;
+
 /** A repository of "shared secrets", which are a mechanism for
     calling implementation-private methods in another package without
     using reflection. A package-private class implements a public
@@ -48,6 +50,7 @@ public class SharedSecrets {
     private static JavaNioAccess javaNioAccess;
     private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
     private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
+    private static JavaSecurityAccess javaSecurityAccess;
 
     public static JavaUtilJarAccess javaUtilJarAccess() {
         if (javaUtilJarAccess == null) {
@@ -125,4 +128,15 @@ public class SharedSecrets {
                 unsafe.ensureClassInitialized(ProtectionDomain.class);
             return javaSecurityProtectionDomainAccess;
     }
+
+    public static void setJavaSecurityAccess(JavaSecurityAccess jsa) {
+        javaSecurityAccess = jsa;
+    }
+
+    public static JavaSecurityAccess getJavaSecurityAccess() {
+        if (javaSecurityAccess == null) {
+            unsafe.ensureClassInitialized(AccessController.class);
+        }
+        return javaSecurityAccess;
+    }
 }

src/share/classes/sun/net/ResourceManager.java

+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.net;
+
+import java.net.SocketException;
+import java.util.concurrent.atomic.AtomicInteger;
+import sun.security.action.GetPropertyAction;
+
+/**
+ * Manages count of total number of UDP sockets and ensures
+ * that exception is thrown if we try to create more than the
+ * configured limit.
+ *
+ * This functionality could be put in NetHooks some time in future.
+ */
+
+public class ResourceManager {
+
+    /* default maximum number of udp sockets per VM
+     * when a security manager is enabled.
+     * The default is 1024 which is high enough to be useful
+     * but low enough to be well below the maximum number
+     * of port numbers actually available on all OSes for
+     * such sockets (5000 on some versions of windows)
+     */
+
+    private static final int DEFAULT_MAX_SOCKETS = 1024;
+    private static final int maxSockets;
+    private static final AtomicInteger numSockets;
+
+    static {
+        String prop = java.security.AccessController.doPrivileged(
+            new GetPropertyAction("sun.net.maxDatagramSockets")
+        );
+        int defmax = DEFAULT_MAX_SOCKETS;
+        try {
+            if (prop != null) {
+                defmax = Integer.parseInt(prop);
+            }
+        } catch (NumberFormatException e) {}
+        maxSockets = defmax;
+        numSockets = new AtomicInteger(0);
+    }
+
+    public static void beforeUdpCreate() throws SocketException {
+        if (System.getSecurityManager() != null) {
+            if (numSockets.incrementAndGet() > maxSockets) {
+                numSockets.decrementAndGet();
+                throw new SocketException("maximum number of DatagramSockets reached");
+            }
+        }
+    }
+
+    public static void afterUdpClose() {
+        if (System.getSecurityManager() != null) {
+            numSockets.decrementAndGet();
+        }
+    }
+}

src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java

@@ -2173,6 +2173,13 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
                         if (tryTransparentNTLMServer) {
                             tryTransparentNTLMServer =
                                     NTLMAuthenticationProxy.proxy.supportsTransparentAuth;
+                            /* If the platform supports transparent authentication
+                             * then check if we are in a secure environment
+                             * whether, or not, we should try transparent authentication.*/
+                            if (tryTransparentNTLMServer) {
+                                tryTransparentNTLMServer =
+                                        NTLMAuthenticationProxy.proxy.isTrustedSite(url);
+                            }
                         }
                         a = null;
                         if (tryTransparentNTLMServer) {

src/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java

@@ -36,12 +36,14 @@ import sun.util.logging.PlatformLogger;
  */
 class NTLMAuthenticationProxy {
     private static Method supportsTA;
+    private static Method isTrustedSite;
     private static final String clazzStr = "sun.net.www.protocol.http.ntlm.NTLMAuthentication";
     private static final String supportsTAStr = "supportsTransparentAuth";
+    private static final String isTrustedSiteStr = "isTrustedSite";
 
     static final NTLMAuthenticationProxy proxy = tryLoadNTLMAuthentication();
     static final boolean supported = proxy != null ? true : false;
-    static final boolean supportsTransparentAuth = supported ? supportsTransparentAuth(supportsTA) : false;
+    static final boolean supportsTransparentAuth = supported ? supportsTransparentAuth() : false;
 
     private final Constructor<? extends AuthenticationInfo> threeArgCtr;
     private final Constructor<? extends AuthenticationInfo> fiveArgCtr;
@@ -82,9 +84,22 @@ class NTLMAuthenticationProxy {
      * authentication (try with the current users credentials before
      * prompting for username and password, etc).
      */
-    private static boolean supportsTransparentAuth(Method method) {
+    private static boolean supportsTransparentAuth() {
         try {
-            return (Boolean)method.invoke(null);
+            return (Boolean)supportsTA.invoke(null);
+        } catch (ReflectiveOperationException roe) {
+            finest(roe);
+        }
+
+        return false;
+    }
+
+    /* Transparent authentication should only be tried with a trusted
+     * site ( when running in a secure environment ).
+     */
+    public static boolean isTrustedSite(URL url) {
+        try {
+            return (Boolean)isTrustedSite.invoke(null, url);
         } catch (ReflectiveOperationException roe) {
             finest(roe);
         }
@@ -112,6 +127,7 @@ class NTLMAuthenticationProxy {
                                             int.class,
                                             PasswordAuthentication.class);
                 supportsTA = cl.getDeclaredMethod(supportsTAStr);
+                isTrustedSite = cl.getDeclaredMethod(isTrustedSiteStr, java.net.URL.class);
                 return new NTLMAuthenticationProxy(threeArg,
                                                    fiveArg);
             }

src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java

+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.net.www.protocol.http.ntlm;
+
+import java.net.URL;
+
+/**
+ * This class is used to call back to deployment to determine if a given
+ * URL is trusted. Transparent authentication (try with logged in users
+ * credentials without prompting) should only be tried with trusted sites.
+ */
+public abstract class NTLMAuthenticationCallback {
+    private static volatile NTLMAuthenticationCallback callback =
+            new DefaultNTLMAuthenticationCallback();
+
+    public static void setNTLMAuthenticationCallback(
+            NTLMAuthenticationCallback callback) {
+        NTLMAuthenticationCallback.callback = callback;
+    }
+
+    public static NTLMAuthenticationCallback getNTLMAuthenticationCallback() {
+        return callback;
+    }
+
+    /**
+     * Returns true if the given site is trusted, i.e. we can try
+     * transparent Authentication.
+     */
+    public abstract boolean isTrustedSite(URL url);
+
+    static class DefaultNTLMAuthenticationCallback extends NTLMAuthenticationCallback {
+        @Override
+        public boolean isTrustedSite(URL url) { return true; }
+    }
+}
+

src/share/classes/sun/nio/ch/DatagramChannelImpl.java

@@ -32,6 +32,7 @@ import java.nio.ByteBuffer;
 import java.nio.channels.*;
 import java.nio.channels.spi.*;
 import java.util.*;
+import sun.net.ResourceManager;
 
 
 /**
@@ -101,14 +102,22 @@ class DatagramChannelImpl
         throws IOException
     {
         super(sp);
-        this.family = Net.isIPv6Available() ?
-            StandardProtocolFamily.INET6 : StandardProtocolFamily.INET;
-        this.fd = Net.socket(family, false);
-        this.fdVal = IOUtil.fdVal(fd);
-        this.state = ST_UNCONNECTED;
+        ResourceManager.beforeUdpCreate();
+        try {
+            this.family = Net.isIPv6Available() ?
+                StandardProtocolFamily.INET6 : StandardProtocolFamily.INET;
+            this.fd = Net.socket(family, false);
+            this.fdVal = IOUtil.fdVal(fd);
+            this.state = ST_UNCONNECTED;
+        } catch (IOException ioe) {
+            ResourceManager.afterUdpClose();
+            throw ioe;
+        }
     }
 
-    public DatagramChannelImpl(SelectorProvider sp, ProtocolFamily family) {
+    public DatagramChannelImpl(SelectorProvider sp, ProtocolFamily family)
+        throws IOException
+    {
         super(sp);
         if ((family != StandardProtocolFamily.INET) &&
             (family != StandardProtocolFamily.INET6))
@@ -957,6 +966,7 @@ class DatagramChannelImpl
     protected void implCloseSelectableChannel() throws IOException {
         synchronized (stateLock) {
             nd.preClose(fd);
+            ResourceManager.afterUdpClose();
 
             // if member of mulitcast group then invalidate all keys
             if (registry != null)

src/share/classes/sun/nio/ch/Net.java

@@ -312,11 +312,12 @@ class Net {                                             // package-private
 
     private static native boolean canJoin6WithIPv4Group0();
 
-    static FileDescriptor socket(boolean stream) {
+    static FileDescriptor socket(boolean stream) throws IOException {
         return socket(UNSPEC, stream);
     }
 
-    static FileDescriptor socket(ProtocolFamily family, boolean stream) {
+    static FileDescriptor socket(ProtocolFamily family, boolean stream)
+        throws IOException {
         boolean preferIPv6 = isIPv6Available() &&
             (family != StandardProtocolFamily.INET);
         return IOUtil.newFD(socket0(preferIPv6, stream, false));

src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java

@@ -68,6 +68,9 @@ import sun.net.www.protocol.http.HttpURLConnection;
 public class NTLMAuthentication extends AuthenticationInfo {
     private static final long serialVersionUID = 170L;
 
+    private static final NTLMAuthenticationCallback NTLMAuthCallback =
+        NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
+
     private String hostname;
     private static String defaultDomain; /* Domain to use if not specified by user */
 
@@ -81,6 +84,14 @@ public class NTLMAuthentication extends AuthenticationInfo {
         return false;
     }
 
+    /**
+     * Returns true if the given site is trusted, i.e. we can try
+     * transparent Authentication.
+     */
+    public static boolean isTrustedSite(URL url) {
+        return NTLMAuthCallback.isTrustedSite(url);
+    }
+
     private void init0() {
 
         hostname = java.security.AccessController.doPrivileged(

src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java

@@ -45,6 +45,9 @@ public class NTLMAuthentication extends AuthenticationInfo {
 
     private static final long serialVersionUID = 100L;
 
+    private static final NTLMAuthenticationCallback NTLMAuthCallback =
+        NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
+
     private String hostname;
     private static String defaultDomain; /* Domain to use if not specified by user */
 
@@ -142,6 +145,14 @@ public class NTLMAuthentication extends AuthenticationInfo {
         return true;
     }
 
+    /**
+     * Returns true if the given site is trusted, i.e. we can try
+     * transparent Authentication.
+     */
+    public static boolean isTrustedSite(URL url) {
+        return NTLMAuthCallback.isTrustedSite(url);
+    }
+
     /**
      * Not supported. Must use the setHeaders() method
      */